Currently, our MQTT publishing/subscription auth logic is:
allow all to publish
deny all to subscribe EXCEPT certain users/IPs
We can improve the user auth part to be more secure by building upon the work done in https://github.com/fablabbcn/smartcitizen-api/pull/318, by also having checks for the type of user in the platform and by passing the auth bearer.
Currently, our MQTT publishing/subscription auth logic is:
We can improve the user auth part to be more secure by building upon the work done in https://github.com/fablabbcn/smartcitizen-api/pull/318, by also having checks for the type of user in the platform and by passing the auth bearer.